An announcement has been made by WordPress that fixes seventeen bugs fixes and seven vulnerabilities. Sites that use WordPress are being updated automatically to WordPress 5.4.1.
WordPress patched its software in order to address a number of Cross-site scripting (XSS) script on a vulnerable web page. An XSS vulnerability lets an attacker inject a malicious script on a vulnerable web page.
An authenticated cross-site scripting (Authenticated XSS) is the same vulnerability, but this one happens when a user is logged in. Also, the users can be anything from an admin, all the way down to a site member.
An attacker can take advantage of XSS vulnerabilities, letting them attack site visitors as well as to alter a WordPress web page. Vulnerabilities like these can be used as the first wave of attack that can unlock and clear the way for other more serious attacks.
This is why it is important to remain on top of XSS vulnerabilities and keep your WordPress installation patched to the very latest version.
The software update was not not limited to fixing XSS vulnerabilities. There were other kinds of vulnerabilities as well.
According to WordPress, WP installations from WordPress 3.7 and up have all been update automatically. This means that WordPress installations lower than 3.7 have not been automatically updated.
The official announcement implied that any version that is lower than 3.7 are still vulnerable, so it’s a good idea to keep your WordPress updated.
According to the official WordPress announcement:
“This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately.”
Here is the official WordPress announcement here: